Recipe 3.10 Restricting Access by Remote Hosts (xinetd with tcpd)
3.10.1 Problem
You want only particular remote hosts to access a TCP service via xinetd, when xinetd was not compiled with libwrap support.
3.10.2 Solution
Set up access control rules in /etc/hosts.allow and/or /etc/hosts.deny. For example, to permit telnet connections only from 192.168.1.100 and hosts in the example.com domain, add to /etc/hosts.allow:

    in.telnetd : 192.168.1.100
    in.telnetd : *.example.com
    in.telnetd : ALL : DENY
Then modify /etc/xinetd.conf or /etc/xinetd.d/servicename to invoke tcpd in place of your service.

Old /etc/xinetd.conf or /etc/xinetd.d/telnet:

    service telnet
    {
        ...
        flags = ...
        server = /usr/sbin/in.telnetd
        ...
    }

New /etc/xinetd.conf or /etc/xinetd.d/telnet:

    service telnet
    {
        ...
        flags = ... NAMEINARGS
        server = /usr/sbin/tcpd
        server_args = /usr/sbin/in.telnetd
        ...
    }

Then reset xinetd so your changes take effect. [Recipe 3.3]
3.10.3 Discussion
This technique is only for the rare case when, for some reason, you don't want to use xinetd's built-in access control [Recipe 3.8] and your xinetd does not have libwrap support compiled in. It mirrors the original inetd method of access control using TCP-wrappers. [Recipe 3.11]

You must include the flag NAMEINARGS, which tells xinetd to look in the server_args line to find the service executable name (in this case, /usr/sbin/in.telnetd).
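The easiest mistake to make with this recipe is to point server at tcpd and forget NAMEINARGS: the service still starts, but tcpd no longer learns which daemon it is fronting, so the in.telnetd lines in hosts.allow never match. The script below is an added example, not part of the cookbook or of the xinetd or tcp_wrappers projects. It scans an xinetd service file and reports any service that uses tcpd without NAMEINARGS, or whose server_args does not begin with the real daemon path. The two service files it checks are constructed samples written to a temporary directory; the function and file names are this example's own.

```shell
#!/bin/sh
# Added pre-deployment check (not from the cookbook): scan an xinetd service
# file and flag any service that wraps a daemon with tcpd but omits NAMEINARGS
# or does not name the real daemon path in server_args. Without NAMEINARGS,
# tcpd cannot learn which daemon it is fronting, so hosts.allow rules keyed on
# "in.telnetd" never match.

# check_xinetd_tcpd FILE
# Returns 0 when every tcpd-wrapped service in FILE is configured correctly,
# 1 otherwise (one diagnostic line per problem on stdout).
check_xinetd_tcpd() {
    awk '
        # strip trailing whitespace so "$" anchors behave
        { sub(/[[:space:]]+$/, "") }
        # a new "service NAME" line resets the per-service state
        /^[[:space:]]*service[[:space:]]+/ { svc = $2; flags = ""; server = ""; args = ""; next }
        /^[[:space:]]*flags[[:space:]]*=/       { sub(/^[^=]*=[[:space:]]*/, ""); flags = $0; next }
        /^[[:space:]]*server_args[[:space:]]*=/ { sub(/^[^=]*=[[:space:]]*/, ""); args = $0; next }
        /^[[:space:]]*server[[:space:]]*=/      { sub(/^[^=]*=[[:space:]]*/, ""); server = $0; next }
        # closing brace: evaluate the service we just finished reading
        /^[[:space:]]*}/ {
            if (server ~ /\/tcpd$/) {
                if (flags !~ /(^|[[:space:]])NAMEINARGS([[:space:]]|$)/) {
                    printf "%s: server is tcpd but flags lack NAMEINARGS\n", svc; bad = 1
                }
                if (args !~ /^\//) {
                    printf "%s: server_args must begin with the real daemon path\n", svc; bad = 1
                }
            }
        }
        END { exit bad + 0 }
    ' "$1"
}

# write_samples DIR
# Writes two constructed service files (sample data, not real system files):
# DIR/telnet.good follows the recipe; DIR/telnet.bad forgets NAMEINARGS.
write_samples() {
    cat > "$1/telnet.good" <<'EOF'
service telnet
{
    socket_type = stream
    wait        = no
    user        = root
    flags       = REUSE NAMEINARGS
    server      = /usr/sbin/tcpd
    server_args = /usr/sbin/in.telnetd
}
EOF
    cat > "$1/telnet.bad" <<'EOF'
service telnet
{
    socket_type = stream
    wait        = no
    user        = root
    flags       = REUSE
    server      = /usr/sbin/tcpd
    server_args = /usr/sbin/in.telnetd
}
EOF
}

# Stand-alone demo on the constructed samples.
demo_dir=$(mktemp -d)
write_samples "$demo_dir"
for f in "$demo_dir"/telnet.good "$demo_dir"/telnet.bad; do
    if check_xinetd_tcpd "$f"; then
        echo "$f: OK"
    else
        echo "$f: fix before resetting xinetd"
    fi
done
rm -rf "$demo_dir"
```

Run it against the real file with `check_xinetd_tcpd /etc/xinetd.d/telnet` before resetting xinetd. Two points the checker cannot see for you: rule order in hosts.allow matters, because tcpd stops at the first matching line, so the `in.telnetd : ALL : DENY` line must stay last; and the daemon name in hosts.allow is matched against the basename of the path in server_args, which is why the two must agree. Where tcp_wrappers is installed, `tcpdmatch in.telnetd 192.168.1.100` will tell you how the finished rules resolve for a given client.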
3.10.4 See Also
xinetd(8), hosts.allow(5), tcpd(8).